i think there so no anything special in flex/php regarding security issues. maybe only that you should keep in mind that flex client code is executed by untrusted machine while php code is trusted as it's executed on the server. so flex app is less secure by default if apply the same principles as you did for server side framework/language. the best methodology is to advertise your site as the most secure one and wait till hackers bomb it, then fix and repeat again :)
MD5/SHA are hash functions not cipher function (encrypt/decrypt) Andrii Olefirenko --- In [email protected], "Heiko Niemann" <[EMAIL PROTECTED]> wrote: > > Hi, I am looking for books, tutorials, articles that cover aspects, > best practices, and/or concepts of security issues - some kind of > overview. > > Right now I am struggling to put together all the pieces you get when > you google for keywords like authentication management, encryption, > as3corelib, sql injection, ... > > My setup will be: flex app with user login and data requests, php > scripts, mySQL database. > > Questions: > 1) What is the 'best' way to design a secure login process in flex? > 2) After login, how will I authenticate when doing data requests? > 3) Working with GUID/UUID tokens, will I have to encrypt those to make > their use secure? ... or is that a stupip question? :) > 4) Is there any sample how to use the MD5/SHA1 encryption and decrypt > it with php? > 5) I have found the term 'challenge-response methodology'. Anybody > know a (flex/php) sample for that? > > These security issues are so overwhelming once you have to move from > the intranet or localhost to the real world. :) > > Thanks for your help, > > Heiko >
